X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fmonitoring%2Fstatus.nix;fp=modules%2Fprivate%2Fmonitoring%2Fstatus.nix;h=ed4d6812857eca914ef7d6213fe8185cd164525d;hb=6e9f30f4c63fddc5ce886b26b7e4e9ca23a93111;hp=0000000000000000000000000000000000000000;hpb=e820134d38c3b7470ea5112f40a6dc967f039878;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
new file mode 100644
index 0000000..ed4d681
--- /dev/null
+++ b/modules/private/monitoring/status.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, lib, name, ... }:
+{
+ options = {
+ myServices.status = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to enable status app.
+ '';
+ };
+ };
+ };
+ config = lib.mkIf config.myServices.status.enable {
+ secrets.keys = [
+ {
+ dest = "naemon-status/environment";
+ user = "naemon";
+ group = "naemon";
+ permission = "0400";
+ text = ''
+ TOKENS=${builtins.concatStringsSep " " config.myEnv.monitoring.nrdp_tokens}
+ '';
+ }
+ ];
+ services.nginx = {
+ enable = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ virtualHosts."status.immae.eu" = {
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
+ };
+ };
+ security.acme.certs."${name}".extraDomains."status.immae.eu" = null;
+
+ myServices.certificates.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 18000 ];
+ systemd.services.naemon-status = {
+ description = "Naemon status";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ EnvironmentFile = config.secrets.fullPaths."naemon-status/environment";
+ Type = "simple";
+ WorkingDirectory = "${./status}";
+ ExecStart = let
+ python = pkgs.python3.withPackages (p: [ p.gunicorn p.flask p.flask_login ]);
+ in
+ "${python}/bin/gunicorn -w4 --bind unix:/run/naemon-status/socket.sock app:app";
+ User = "naemon";
+ RuntimeDirectory = "naemon-status";
+ StandardOutput = "journal";
+ StandardError = "inherit";
+ };
+ };
+ };
+}
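Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 18000 ];` opens TCP 18000, but nothing in this module listens there: nginx serves 80/443 and gunicorn binds only to the unix socket under /run/naemon-status. If no other module needs that port, reduce the line to `networking.firewall.allowedTCPPorts = [ 80 443 ];`; if one does, declare it there or add a comment naming the listener, so the exposure stays auditable. Separately, the service receives the NRDP tokens through its EnvironmentFile and runs as the shared `naemon` user with no sandboxing; adding `NoNewPrivileges = true;` and `PrivateTmp = true;` to `serviceConfig` would cheaply limit what a compromised Flask app can reach. The app code under `./status` is not visible in this diff, so confirm it needs nothing those settings would restrict.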